[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: RE:Re: [Full-Disclosure] RE: FWD: Internet Explorer URL parsing vulnerability

I've been getting spam accusation bouncebacks from about 4 people now on this 
thread.  Seems like the entire City of Ft. Worth, TX has a nice big brother in 
place:

The City of Fort Worth has implemented a spam filter.
If you are receiving this message the original e-mail was
determined to be spam and not delivered to its destination.

If this mail is not spam please contact postmaster@fortworthgov.org.

Why the filter thinks this is SPAM:
Message scored 5.5 out of a required 5.0 positive tests.

 3.1 USERPASS               URI: URL contains username and (optional) password
 2.4 HTTP_ESCAPED_HOST      URI: Uses %-escapes inside a URL's hostname

  ----- Original Message ----- 
  From: Exibar 
  To: full-disclosure@lists.netsys.com 
  Sent: Wednesday, December 10, 2003 10:32 AM
  Subject: Re: RE:Re: [Full-Disclosure] RE: FWD: Internet Explorer URL parsing 
vulnerability


  I'll bet that this guy doesn't get half of the e-mail he's expecting.....
    ----- Original Message ----- 
    From: AntiSpam UOL 
    To: exibar 
    Sent: Wednesday, December 10, 2003 11:24 AM
    Subject: RE:Re: [Full-Disclosure] RE: FWD: Internet Explorer URL parsing 
vulnerability


           
                   
                Olá,

                Você enviou uma mensagem para igorcarboni@uol.com.br
                Para que sua mensagem seja encaminhada, por favor, clique aqui

                 
                Esta confirmação é necessária porque igorcarboni@uol.com.br usa 
o Antispam UOL, um programa que elimina mensagens enviadas por robôs, como 
pornografia, propaganda e correntes.

                As próximas mensagens enviadas para igorcarboni@uol.com.br não 
precisarão ser confirmadas*.
                *Caso você receba outro pedido de confirmação, por favor, peça 
para igorcarboni@uol.com.br incluí-lo em sua lista de autorizados.

                      Atenção! Se você não conseguir clicar no atalho acima, 
acesse este endereço:
                      
http://tira-teima.as.uol.com.br/challengeSender.html?data=0C%2BUJvHozYJSDqZeA8HoOXNcbzbyiHEE3QzKqhfTF1HUOTBn1aqyyGwiKIDeJjPbp0yF0rvLLtZ6%0AsFFiP8xdcyjr4oCMD52UFgokem8uLA2kizdJ9sULFX2k6qEGIpi9M9tWre91YYEGWxvTFakHfCXx%0AeHSlqe1A81RX54%2B4dtQ7lvqbPrYbrDL05uyupFnrKCrmLQ3YFLlWOhxOWFK6nw%3D%3D
 
               
         

----------------------------------------------------------------------
         
                   
                Hi,

                You´ve just sent a message to igorcarboni@uol.com.br
                In order to confirm the sent message, please click here

                 
                This confirmation is necessary because igorcarboni@uol.com.br 
uses Antispam UOL, a service that avoids unwanted messages like advertising, 
pornography, viruses, and spams.

                Other messages sent to igorcarboni@uol.com.br won't need to be 
confirmed*.
                *If you receive another confirmation request, please ask 
igorcarboni@uol.com.br to include you in his/her authorized e-mail list.

                      Warning! If the link doesn´t work, please copy the 
address below and paste it on your browser:
                      
http://tira-teima.as.uol.com.br/challengeSender.html?data=0C%2BUJvHozYJSDqZeA8HoOXNcbzbyiHEE3QzKqhfTF1HUOTBn1aqyyGwiKIDeJjPbp0yF0rvLLtZ6%0AsFFiP8xdcyjr4oCMD52UFgokem8uLA2kizdJ9sULFX2k6qEGIpi9M9tWre91YYEGWxvTFakHfCXx%0AeHSlqe1A81RX54%2B4dtQ7lvqbPrYbrDL05uyupFnrKCrmLQ3YFLlWOhxOWFK6nw%3D%3D
 
               

         
          Use o AntiSpam UOL e proteja sua caixa postal